PerkSpot: Save While You Shop
Version 36.7.0 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a solid user base of 100,000 users and maintains an excellent 4.9-star rating, suggesting positive user experiences. PerkSpot appears to be a legitimate company offering employee discount services. The extension is actively maintained with version 36.7.0, indicating ongoing development support.
The extension's permission set raises significant privacy and security concerns. The combination of tabs, webNavigation, and broad host permissions creates extensive surveillance capabilities across all websites you visit. The clipboardWrite permission is particularly concerning as it can modify clipboard content without user knowledge, potentially intercepting sensitive data like passwords or personal information. The content scripts running on all HTTP/HTTPS sites means the extension can monitor and potentially modify every webpage you visit, far exceeding what's necessary for a shopping discount tool.
Given the critical risk level, consider running this extension in a completely separate Chrome profile dedicated solely to shopping activities. This isolates the extension's broad access from your primary browsing activities, banking, and personal accounts. Before installation, verify the extension is actually needed - many discount services work effectively through their websites without requiring such invasive browser permissions. If you must use it, regularly review your browsing data and consider using it only when actively shopping for discounts.
Findings
Security Analysis Details
Required Permissions:
- storage
- tabs
- webNavigation
- clipboardWrite
- *://*.perkspot.com/*
Host Permissions:
- *://*.perkspot.com/*
- *://*.perkspot.local/*
Embedded URLs (2126 total):
| http://www.w3.org/2000/svg | https://fontawesome.com | |
| https://fontawesome.com/license/free | https://getbootstrap.com/ | |
| https://github.com/twbs/bootstrap/blob/main/LICENSE | http://daneden.me/animate | |
| http://opensource.org/licenses/MIT | http://bit.ly/sp-js | |
| https://perkspot-api.perkspot.com | https://perkspot-api.perkspot.com/authapi/api | |
| https://bxfeedback.perkspot.com | https://c.perkspot.com | |
| https://ps-prod-bxnotif-functionapp.azurewebsites.net/api | https://browserx.perkspot.com/pages/browserx | |
| https://browserx.perkspot.com | https://signin.perkspot.com/bx/auth | |
| https://perkspot-api-qa.perkspot.com | https://perkspot-api.qa.perkspot.com/authapi/api | |
| https://com-perkspot-qa1.collector.snplow.net | https://ps-qa-bxnotif-functionapp.azurewebsites.net/api | |
| https://browserx.qa.perkspot.com | https://signin.qa.perkspot.com/bx/auth | |
| https://psprods3ep.azureedge.net/cdn.perkspot.com/prod/images/collections/perx-gift-circle.svg | https://psprods3ep.azureedge.net/cdn.perkspot.com/prod/images/rewards/ps25b-gift_card_icon.svg | |
| https://psprods3ep.azureedge.net/cdn.perkspot.com/prod/images/premiumperks/ps25b-premium-perks-check-filled.svg | https://psprods3ep.azureedge.net/cdn.perkspot.com/prod/images/fmtc/globe-Icon.svg | |
| https://psprods3ep.azureedge.net/cdn.perkspot.com/prod/images/collections/double-points.png | https://reactjs.org/docs/error-decoder.html?invariant= | |
| https://github.com/uuidjs/uuid#getrandomvalues-not-supported | https://browserx.perkspot.local/pages/browserx | |
| https://browserx.perkspot.local | https://docs.datadoghq.com | |
| http://19crimes.com/ | http://BiOptimizers.com | |
| http://bubledon.com | http://cricut.com | |
| http://denbypottery.com/ | http://faithheart-jewelry.com/ | |
| http://hoka.com/en/us | http://katespadeoutlet.com/ | |
| http://lemero.com/ | http://marmot.com/ | |
| http://paintyourlife.com | http://sunnysports.com/ | |
| http://tjmaxx.tjx.com/store/index.jsp | http://www.abcya.com/ | |
| http://www.academy.com/ | http://www.ActionHeat.com | |
| http://www.att.com | http://www.basspro.com | |
| http://www.bearaby.com | http://www.bestbuy.com/ | |
| http://www.childrensplace.com/ | http://www.diviofficial.com/ | |
| http://www.ecampus.com/ | http://www.exofficio.com/ | |
| http://www.famousfootwear.com/ | http://www.fast-growing-trees.com | |
| http://www.finishline.com | http://www.fostergrant.com | |
| http://www.fragrancex.com/ | http://www.francosarto.com/ | |
| http://www.fredmeyerjewelers.com/ | http://www.ghbass.com/ | |
| http://www.herbspro.com/ | http://www.hickoryfarms.com/ | |
| http://www.homary.com | http://www.josbank.com | |
| http://www.keurig.com | http://www.kindercare.com | |
| http://www.knetbooks.com | http://www.kohls.com/ | |
| http://www.lifestride.com | http://www.maurices.com/ | |
| http://www.menswearhouse.com/ | http://www.michaelkors.com/ | |
| http://www.motivescosmetics.com/ | http://www.nationalcar.com | |
| http://www.neatapparel.com/ | http://www.needonelife.com/ |
Raw Manifest
{ "name": "PerkSpot: Save While You Shop", "icons": { "16": "img/ps-16.png", "48": "img/ps-48.png", "128": "img/ps-128.png" }, "action": { "default_popup": "index.html?psbxpopup=true" }, "version": "36.7.0", "background": { "type": "module", "service_worker": "/static/js/background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Take the savings from your employee discount program with you wherever you shop.", "permissions": [ "storage", "tabs", "webNavigation", "clipboardWrite", "*://*.perkspot.com/*" ], "content_scripts": [ { "js": [ "/static/js/modals.js", "/static/js/extensions.js", "/static/js/standDown.js" ], "run_at": "document_end", "matches": [ "https://*/*", "http://*/*" ] }, { "js": [ "/static/js/serp.js" ], "css": [ "/static/css/serp.css" ], "run_at": "document_end", "matches": [ "https://*/*" ], "include_globs": [ "https://www.google.*/search?*", "https://www.bing.*/search?*", "https://duckduckgo.com/*", "https://search.yahoo.com/search;*" ] }, { "js": [ "/static/js/loginInterstitial.js" ], "run_at": "document_end", "matches": [ "https://signin.perkspot.com/bx/auth", "https://signin-dev.perkspot.com/bx/auth", "https://signin.qa.perkspot.com/bx/auth", "http://localhost/bx/auth" ] }, { "js": [ "/static/js/pscTokenWatcher.js" ], "run_at": "document_start", "matches": [ "https://*.perkspot.com/*", "https://*.perkspot.local/*" ] } ], "host_permissions": [ "*://*.perkspot.com/*", "*://*.perkspot.local/*" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "/static/media/*", "/static/css/*", "/img/*" ] } ], "browser_specific_settings": { "gecko": { "id": "{f1c5f3fd-070b-4925-baa4-3c957220b28f}", "strict_min_version": "120.0" } } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.